Using Anomalies in Crash Reports to Detect Unknown Threats

Overview: One of the biggest challenges organizations face when protecting their intellectual property and other sensitive data is detecting, inspecting, and stopping attacks that can bypass their cyber defenses. Even the most advanced cyber-attacks create anomalies in network and application telemetry that can be used to detect them. This white paper shows how such anomalies in application crash reports (specifically, those generated by Windows Error Reporting) can be used as risk indicators to find attacks that have bypassed cyber defenses.